April 22, 2016 •Anthony Curcio
In my last post ("What Does the Guidance on Model Governance Say? A Closer Look at the New Supervisory Guidance from OCC/FRB"), I reviewed the guidance set out by the Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB). This guidance was adopted as OCC Bulletin 2011-12 and FRB SR 11-7, respectively. This week, we will explore a similar breakdown of Federal Housing Finance Agency (FHFA) Model Risk Management guidance AB 2013-07.
AB 2013-07 expands upon the previous bulletin, 2009-AB-03. This new guidance applies not only to FHLBanks, but also to Fannie Mae, Freddie Mac, and the Office of Finance (collectively, the "Regulated Entities"). These institutions have many models and a strong modeling culture, making this guidance highly relevant to the Federal space.
FHFA Guidance in Review
1) Policies and Procedures
First, FHFA's guidance document calls for the following to be defined:
- appetite for risk, classification of models, and assessment of model risk
- acceptable practices for model development, testing, implementation, use, and effective challenge
- appropriate model validation activities
- oversight and controls over the model risk management process
2) Roles and Responsibilities
Next, the guidance defines roles and responsibilities for the key actors in model risk management.
- The Model User is responsible for managing model use risk and ongoing monitoring and mitigation of those risks. The Model User should participate in user acceptance tests, raise model performance issues, and initiate change requests.
- The Model Owner is primarily accountable for the model's development and implementation throughout its life cycle. A Model Owner ensures the model is appropriately developed and used for its intended purpose, maintains adequate documentation, and produces regular reports to inform management on model performance issues.
- The Model Risk Management Group functions as the second layer of control in managing model risk through independent validation of models, periodic reviews, assessments, and continuous monitoring of model risk.
- Internal Audit functions as the third layer of control. It evaluates the overall effectiveness of the model risk management framework and/or (depending on the size of the organization) focuses on evaluating compliance by model owners and users with policies and procedures.
- The Chief Risk Officer owns and approves all model risk policies, standards, and procedures and chairs the risk oversight committee.
- The Board of Directors/Senior Management provide a strong tone from the top related to oversight and governance of risk. They define policies to set risk appetite, reporting requirements, and clear delegations of authority.
- Committees and Working Groups provide the crucial information linkages that allow for vertical and horizontal reporting of models.
- Information Technology (IT) establishes a model-related IT infrastructure and control process and ensures an environment in which models (a) function properly and (b) take full advantage of their capabilities.
3) Frameworks for Model Control and Model Validation
Finally, AB 2013-07 defines a model control framework to guide the development of the policies and procedures for any given model. The framework requires model documentation standards, security, version controls, performance tracking, data integrity, and technical model development standards. Model inventory management, periodic assessments, model validation, risk measurement, limits, and ongoing model risk monitoring are all necessary to actively manage model risk in the organization. The bulletin also defines a model validation framework, since models should be subject to independent validation, monitoring, and periodic reviews.
When applying this FHFA guidance to the Federal sector, risk managers should consider and incorporate additional oversight bodies into their governance plans. Specifically, the Office of Management and Budget (OMB) is not mentioned in FHFA guidance, but it is highly relevant to Federal risk managers. OMB often has a strong voice in estimates, especially when those estimates are included in the President’s Budget.
Subscribe to the Summit Blog to receive the next entry in our model governance series: an illustration of good and bad model governance in action.
If you would like to learn more about this topic, check out Summit's past posts about Federal credit or our other entries on model risk management.
